The Oracle Portlet Producer product (server) must be installed in the production environment and the wsrp-tools and portalTools URLs must be accessible. If the Oracle Portlet Producer is not installed, see the section "Extending an Existing Domain" in the Oracle Fusion Middleware Installation Guide for Oracle WebCenter to install it in the production environment.

When you create a connection to a portlet producer, the producer is registered with the WebCenter application and the connection is added to the connections.xml file. For WRSP producers, a Web service connection is also created, which follows the naming convention, connectionname-wsconn. For Oracle PDK-Java producers, an underlying URL connection is created, which follows the naming convention, connectionname-urlconn. During the registration, connection metadata is created in the Oracle Metadata Services (MDS) repository and in the producer being registered. When a producer is consumed, the user customizations are saved to the producer. During deregistration the producer connection and customizations are removed.

Portlet producer registration is dynamic. New portlet producers and updates to existing producers are immediately available in the WebCenter application; it is not necessary to restart the WebCenter application or the managed server.

For information about how to register WSRP producers at design-time, using JDeveloper, see the section "How to Register a WSRP Portlet Producer" in the Oracle Fusion Middleware Developer's Guide for Oracle WebCenter.

21.2.1 Registering a WSRP Producer Using Fusion Middleware Control

To register a WSRP portlet producer:

Log in to Fusion Middleware Control and navigate to the home page for your custom WebCenter application (or WebCenter Spaces). For more information, see:

portlets wsrp(1|2)?WSDL is static text. All producers deployed to the Oracle WSRP container are exposed as WSRP version 1 and version 2 producers.

In WebCenter Spaces, only v2 WSDLs are supported for Oracle WebLogic Portal Producers.

For example:

http://myhost.com:7778/MyPortletApp/portlets/wsrp2?WSDL

For WSRP producers, you can obtain this registration URL by accessing the producer test page at:

http://host_name:port_number/context_root/info

Use Proxy?

Select if the WebCenter application must use an HTTP proxy when contacting this producer. If selected, enter values for Proxy Host and Proxy Port.

A proxy is required when the WebCenter application and the remote portlet producer are separated by a firewall and an HTTP proxy is needed to communicate with the producer.

Proxy Host

Enter the address for the proxy server.

Do not prefix http:// to the proxy server name.

Proxy Port

Enter the port number on which the proxy server listens. The default port is 80.

Default Execution Timeout (Seconds)

Enter a suitable timeout for design time operations. For example, the maximum time the producer may take to register, deregister, or display portlets on WebCenter pages.

Individual portlets may define their own timeout period, which takes precedence over the value expressed here.

This default is 30 seconds.

Use the Security section to specify the type of security token to use for the identity propagation/assertion.

The security token with the propagated or asserted user information is represented as an XML element in the SOAP header. The security token and the SOAP message body are then digitally signed to prove the authenticity of the SOAP message origin from the WebCenter application. WebCenter Spaces supports three types of security tokens: Username Tokens Without Password, Username Tokens With Password, and SAML Tokens.

Note:

PeopleSoft WSRP producers support two profiles: Username Token With Password and SAML Token With Message Integrity. Oracle Portal (as a consumer) supports three profiles: Username Token Without Password, Username Token With Password, SAML Token With Message Integrity. Other Oracle WSRP producers support all profiles. For other WSRP containers, check with the specific vendor to determine the token formats they support.

Use this token profile if the WSRP producer has a different identity store. You must define an external application pertaining to the producer and associate the external application with this producer. The external application defined here is used to retrieve and propagate the user credentials to the producer. The producer verifies this against the identity store configured for the external application.

When you select this policy, you must also specify the Recipient Alias.

When you select this policy, you must also specify the Recipient Alias.

WSS 1.1 SAML Token with Message Protection(oracle/wss11_saml_token_with_message_protection_client_policy)—This policy provides message-level protection (integrity and confidentiality) and SAML token population for outbound SOAP requests in accordance with the WS-Security 1.1 standard. A SAML token, included in the SOAP message, is used in SAML-based authentication with sender vouches confirmation. This policy uses the symmetric key technology for signing and encryption, and WS-Security's Basic128 suite of asymmetric key technologies for endorsing signatures.

Configuration

Select:

Default to use a default token profile configuration.

Custom to provide a custom Oracle Web Service Manager configuration.

Additional security options display (including all the keystore properties) when you select Custom.

Issuer Name

Enter the name of the issuer of the SAML Token.

For example: www.example.com

The issuer name is the attesting entity that vouches for the verification of the subject, and it must be a trusted SAML issuer on the producer end.

Enter a user name to assert to the remote producer when the user is not authenticated with the WebCenter application.

When unauthenticated, the identity anonymous is associated with the application user. The value anonymous may be inappropriate for the remote producer, so it may be necessary to specify an alternative identity here. Keep in mind though, that in this case, the WebCenter application has not authenticated the user so the default user you specify should be a low privileged user in the remote producer. If the user has authenticated to the application, the user's identity is asserted rather than the default user.

If this producer uses an external application for authentication, use the Associated External Application dropdown list to identify the application. If the application you want is not listed, select Create New to define the external application now.

Use the Keystore section to specify the location of the key store that contains the certificate and private key that is used for signing some parts (security token and SOAP message body) of the SOAP message.

Specify the key store alias that is associated with the producer's certificate.

This certificate is used to encrypt the message to the producer.

Store Path

Enter the absolute path to the keystore that contains the certificate and the private key that is used for signing or encrypting the soap message (security token and message body). The signature, encryption, and recipient keys described in this table must be available in this keystore.

The keystore should be created using JDK's keytool utility.

Password

Provide the password to the keystore that was set when the keystore was created. The producer is not available if a password is not specified or incorrect.

Signature Key Alias

Enter the signature key alias.

The Signature Key Alias is the identifier for the certificate associated with the private key that is used for signing.

Signature Key Password

Enter the password for accessing the key identified by the alias specified in Signature Key Alias.

Enter a unique name that identifies this portlet producer registration within the WebCenter application. The name must be unique across all WebCenter connection types.

The name you specify here appears in the Oracle Composer (under the Portlets folder).

Producer Type

Indicate the type of this producer. Select Oracle PDK-Java Producer.

URL End Point

Enter the Oracle PDK-Java producer's URL using the following syntax:

http://host_name:port_number/context_root/providers

Where:

host_name is the server where the producer is deployed

port_number is the HTTP Listener port number

context_root is the Web application's context root.

providers is static text.

For example:

http://myHost.com:7778/myEnterprisePortlets/providers

Service ID

Enter a unique identifier for this producer.

PDK-Java enables you to deploy multiple producers under a single adapter servlet. Producers are identified by their unique service ID. A service ID is required only if the service ID is not appended to the URL end point.

For example, the following URL endpoint requires sample as the service ID:

http://domain.example.com:7778/axyz/providers

However, the following URL endpoint, does not require a service ID:

http://domain.example.com:7778/axyz/providers/sample

The service ID is used to look up a file called <service_id>.properties, which defines the characteristics of the producer, such as whether to display its test page. Use any value to create the service ID. When no Service ID is specified, _default.properties is used.

Use Proxy?

Select this checkbox if the WebCenter application must use an HTTP proxy when contacting this producer. If selected, enter values for Proxy Host and Proxy Port.

A proxy is required if the WebCenter application and the remote portlet producer are separated by a firewall and an HTTP proxy is needed for communication with the producer.

Proxy Host

Enter the host name for the proxy server.

Do not prefix http:// to the proxy server name.

Proxy Port

Enter the port number on which the proxy server listens. The default port is 80.

Select to enable a user session when executing portlets from this producer. When sessions are enabled, they are maintained on the producer server. This allows the portlet code to maintain information in the session.

Message authentication uses sessions, so if you specify a shared key, you must also select this option.

For sessionless communication between the producer and the server, do not select this option.

Default Execution Timeout (Seconds)

Enter a suitable timeout for design time operations. For example, the maximum time the producer may take to register, deregister, or display portlets on WebCenter pages. This defaults to 30 seconds.

Individual portlets may define their own timeout period, which takes precedence over the value expressed here.

Subscriber ID

Enter a string to identify the consumer of the producer being registered.

When a producer is registered with an application, a call is made to the producer. During the call, the consumer (WebCenter application in this instance) passes the value for Subscriber ID to the producer. If the producer does not see the expected value for Subscriber ID, it might reject the registration call.

Shared Key

Enter a shared key to use for producers that are set up to handle encryption.

The shared key is used by the encryption algorithm to generate a message signature for message authentication. Note that producer registration fails if the producer is set up with a shared key and you enter an incorrect shared key here. The shared key can contain between 10 and 20 alphanumeric characters.

This key is also used when registering a producer using the Federated Portal Adapter (FPA). The Shared Key is also known as the HMAC key.

21.6.3 Migrating WSRP Producer Metadata to a New WSDL URL

If you want to move a WSRP producer to a new WSDL URL, you can use the exportPortletClientMetadata, setWSRPProducer, and importPortletClientMetadata WLST commands to migrate the existing producer metadata to the new location. Before importing the producer metadata, you must deregister the existing producer and then reregister the producer with the new URL endpoint. If you do not reregister the producer, "Portlet Unavailable" messages display in your WebCenter application.

Use Fusion Middleware Control or the WLST command deregisterWSRPProducer to remove the existing producer connection, and the producer's metadata, from the WebCenter application. For more information, see Section 21.7, "Deregistering Producers."

21.7 Deregistering Producers

You can deregister producers at any time but, before doing so, consider any impact to the WebCenter application as portlets associated with a deregistered producer no longer work. Check the Portlets Producer Invocation metric to see how frequently the producer is being used. For more information, see Section 30.2, "Viewing Performance Information."

When you deregister a producer, registration data is removed from both the WebCenter application and the remote producer:

WebCenter application - The producer connection is deleted and producer metadata is also deleted.

21.8.1 Understanding Portlet Producer Application Deployment

You can deploy your portlet producer application to any Oracle WebLogic Managed Server instance that is configured to support WebCenter portlet producers. To deploy an application to a managed server, you can use Oracle Enterprise Manager Fusion Middleware Control, Oracle WebLogic Administration Console, or WLST. For more information about these administration tools, see Section 1.12, "Oracle WebCenter Administration Tools."

To deploy JSR 168 portlets to the WSRP Oracle Portlet Container, the portlet application EAR files must be converted into a WSRP application, which contains the necessary WSDL documents. To convert the JSR 168 portlet producer EAR file into a WSRP EAR file, run the WSRP producer predeployment tool located in the Middleware directory at WC_ORACLE_HOME/webcenter/modules/oracle.portlet.server_11.1.1, as follows:

java -jar wsrp-predeploy.jar source EAR target EAR

For JSR 168 portlets developed with servlet version 2.3, you must specify Web proxies using the following command:

The wsrp-predeploy.jar predeployment tool makes all the necessary changes to a JSR 168 portlet to be able to deploy it to the Oracle portlet container and expose it as a WSRP producer. Here are some examples of what the predeployment tool does:

For applications that support post deployment registration of producers, the producer must be registered at least once at design time. This adds PortletServletContextListener to the web.xml file, which registers the appropriate runtime MBeans to enable post deployment registration of producers. For example, see the text in bold in the following web.xml snippet:

21.9.2 Portlet Unavailable: WSM-00101 Exception

Setting up the User Name with Password token profile in a WSRP portlet producer throws the exception WSM-00101.

Problem

If you configure the User Name with Password Token profile for a WSRP producer through Fusion Middleware Control (or WLST) while portlets associated with this producer are in use, the portlets display the following exception in the WebCenter application:

oracle.wsm.common.sdk.WSMException: WSM-00101:
The specified Keystore file
/keys/user_projects/domains/pv_0309/config/fmwconfig/default-keystore.jks
cannot be found; it either does not exist or its path is not included in the application classpath.